lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 29 Nov 2007 16:12:56 +0000
From:	tvrtko.ursulin@...hos.com
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	linux-kernel@...r.kernel.org,
	Stephen Hemminger <shemminger@...ux-foundation.org>
Subject: Re: Out of tree module using LSM

Alan Cox <alan@...rguk.ukuu.org.uk> wrote on 28/11/2007 19:50:42:

> > So as there is no question the current code does some ugly things it 
is 
> > even more true that we would be even more happy to use an official 
API. 
> > LSM was that and we were happily using it which we won't be able to do 
if 
> > it abruptly goes away. Yes it is not a perfect match but until it is 
> > modified to be better, or until something appropriate is designed and 
> > implemented, it would be very nice if it could stay.
> 
> So for an SELinux based system what you are saying is you want to be 
able
> to stack your module with the SELinux module and after SELinux has
> considered policy rules still be able to veto them on the grounds that
> you are say about to serve a virus to a windows box ?

Basically yes but the effective scenario is a bit wider. Local actions 
like disallowing execution of rootkits, exploits and other similar malware 
are also interesting. Another example would be enforcing a corporate 
policy on which IM clients shouldn't be used so it is not just fileserver 
scenario in which Linux machines can be compromised.

But really I am not the best person to know all current attack vectors. 
Overall set of requirements and ideas is something we are working on with 
other vendors and hopefully with the community. This is one of the two 
main things my original post was about.

--
Tvrtko August Ursulin
Senior Software Engineer, Sophos

"Views and opinions expressed in this email are strictly those of the 
author.
 The contents has not been reviewed or approved by Sophos."

Tel: 01235 559933
Web: www.sophos.com
Protecting business against viruses, spyware, spam and policy abuse


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists